Linux Kernel networking vulnerability allowing potential DoS

A severe vulnerability in the Linux and Unix networking stack has been identified in the last few days. Described in CVE-2018-5390 (for Linux) and CVE-2018-6922 (for FreeBSD), it exposes affected machines to a denial-of-service attack that is relatively easy to exploit. The main concern is how widespread the issue is: it covers plenty of Linux distributions, FreeBSD and some proprietary network equipment operating systems, all running the affected Linux kernels 4.9+ or having the networking code backported.

The vulnerability is not a complex one. Introduced in Linux Kernel 4.9, it is related to the algorithm that processes out-of-order packets in TCP connections. That algorithm is responsible for receiving and rearranging TCP packets with non-sequential numbers in the case of network issues. The problem with the algorithm, and the source of the vulnerability, is that it is very resource-expensive. According to the report and the calculations, just a few thousand out-of-order packets, even from the same source, are enough to cause denial of service.
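Because the cost comes from out-of-order segment handling, one way to watch for it on a Linux host is to track the kernel's out-of-order counters in `/proc/net/netstat`. The following is an added example, not code from the original post or from the kernel project; the two snapshots are constructed sample data and the alert threshold is an assumption to tune per host.

```python
# Added example: rate of the kernel's out-of-order (OFO) TCP counters.
# SNAP_T0 / SNAP_T1 are constructed samples in /proc/net/netstat format.
OFO_COUNTERS = ("TCPOFOQueue", "TCPOFODrop", "TCPOFOMerge", "OfoPruned")

SNAP_T0 = """\
TcpExt: SyncookiesSent PruneCalled OfoPruned TCPOFOQueue TCPOFODrop TCPOFOMerge
TcpExt: 0 3 0 1200 0 15
IpExt: InOctets OutOctets
IpExt: 987654 123456
"""
SNAP_T1 = """\
TcpExt: SyncookiesSent PruneCalled OfoPruned TCPOFOQueue TCPOFODrop TCPOFOMerge
TcpExt: 0 41 38 9200 120 15
IpExt: InOctets OutOctets
IpExt: 1987654 223456
"""

def parse_netstat(text):
    """Parse the paired header/value lines of /proc/net/netstat into a dict."""
    lines = [l.split() for l in text.splitlines() if l.strip()]
    stats = {}
    for names, values in zip(lines[0::2], lines[1::2]):
        if names[0] != values[0] or len(names) != len(values):
            raise ValueError("malformed netstat block: %r" % names[0])
        prefix = names[0].rstrip(":")
        for name, value in zip(names[1:], values[1:]):
            stats[f"{prefix}.{name}"] = int(value)
    return stats

def ofo_rates(before, after, seconds):
    """Per-second increase of each OFO counter between two snapshots."""
    a, b = parse_netstat(before), parse_netstat(after)
    rates = {}
    for name in OFO_COUNTERS:
        delta = b.get("TcpExt." + name, 0) - a.get("TcpExt." + name, 0)
        rates[name] = max(delta, 0) / seconds  # counters restart at 0 on reboot
    return rates

def suspicious(rates, queue_per_sec=500.0):
    """Assumed rule: heavy OFO queueing together with any pruning or drops."""
    pressure = rates["OfoPruned"] + rates["TCPOFODrop"]
    return rates["TCPOFOQueue"] >= queue_per_sec and pressure > 0

if __name__ == "__main__":
    r = ofo_rates(SNAP_T0, SNAP_T1, seconds=10)
    print(r, "ALERT" if suspicious(r) else "ok")
```

On a live host, pass two reads of `/proc/net/netstat` taken a known interval apart. Lossy links also raise these counters, so treat an alert as a prompt to inspect the connections involved.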

The good news is that some of the most widely used server distros might not be affected, and the vulnerability still doesn’t have a proof-of-concept exploit. So although it’s reported as severe, this is still not a global issue, and patches are already available.

The list of affected, unaffected and patched distributions is constantly updated:

Ubuntu 16.04 and older – Unaffected – Kernel 4.4 predates the affected 4.9+

Ubuntu 18.04 – Affected – Patch available through APT

Fedora – Affected

FreeBSD – Affected

OpenSUSE – Unconfirmed

CentOS – Unconfirmed

FreeBSD is now available for cloud servers

FreeBSD 11.1 is the new addition to the images for cloud servers. The operating system designed for servers and networking now meets the power of cloud computing.

The open source operating system project, with more than 25 years of history, is proven in terms of stability and reliability. Considered a great choice for servers, FreeBSD is definitely a wonderful new addition in CloudBalkan.

Keep an eye on the new category in our blog, where soon you’ll be able to find a lot of interesting guides, tips and applications for your FreeBSD cloud servers.